CICI: CE: Improving the Security of a Science DMZ

CICI：CE：提高科学 DMZ 的安全性

• 批准号: 1739025
• 负责人: Matt Bishop
• 金额: $ 73.81万
• 依托单位: University of California-Davis
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-10-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1739025&HistoricalAwards=false
• 关键词: CICI; CE; Improving; Security; Science

The term "big science" refers to science that involves massive amounts of data. Moving this data through ordinary networks is very slow, in part because the amount of data is more than ordinary networks are designed to handle, and in part because of the checking that network security mechanisms perform. The "science DMZ" (DeMilitarized Zone) is a special network designed to move massive amounts of data very quickly. The need to do so results in compromises affecting security; checking is done on entry, and only for the first part of the connection. If the connection is suspicious, it is blocked; otherwise, it is allowed through. This project extends the checking by sampling the data in the connection throughout the lifetime of the connection. Then, if something suspicious is detected in the samples, appropriate action can be taken. A second goal of this project is to determine what procedural or technical actions are most effective when malicious flows are detected. The final goal is to determine how to speed up the security analysis so the impact on the throughput is both minimal and acceptable. The overall goal is to secure the science DMZ network without sacrificing speed.More specifically, on a science DMZ, large amounts of data are moved, making it very difficult to secure, so data is sampled only when a connection starts and is analyzed without blocking the connection. If the analysis shows it is malicious, a filter rule is added to the router to drop packets in that connection. This project samples not just at the beginning, but at various times while the connection is active. If something malicious starts during the connection, it can be detected. What to do when suspicious flows are identified is less clear; the project will examine both technical and procedural methods, for example slowing down the flow to where it can be analyzed thoroughly, and then if indeed malicious, provide information to the Chief Information Security Officer?s (CISO) office to enable them to take action. If the flow is not malicious (i.e., a false positive, confirmed by the more detailed analysis), the rate reduction will cease. A key question is how to reduce the time needed for the sampling analysis. Part of this project is to examine how to speed up intrusion detection systems by using GPUs in order to do a quicker analysis.

“大科学”一词指的是涉及大量数据的科学。通过普通网络移动这些数据是非常缓慢的，部分原因是数据量超过了普通网络设计的处理能力，部分原因是网络安全机制执行的检查。“科学DMZ”（非军事区）是一种特殊的网络，旨在快速移动大量数据。这样做的需要会导致影响安全性的妥协;检查是在进入时完成的，并且只针对连接的第一部分。如果连接是可疑的，它将被阻止;否则，允许它通过。此项目通过在连接的整个生命周期中对连接中的数据进行采样来扩展检查。然后，如果在样本中检测到可疑的东西，可以采取适当的行动。该项目的第二个目标是确定在检测到恶意流时，哪些程序或技术操作最有效。最终的目标是确定如何加快安全分析，以便对吞吐量的影响最小且可接受。总体目标是在不牺牲速度的情况下保护科学DMZ网络。更具体地说，在科学DMZ上，大量数据被移动，因此很难保护，因此仅在连接开始时对数据进行采样，并在不阻塞连接的情况下进行分析。如果分析显示它是恶意的，则会向路由器添加过滤规则，以丢弃该连接中的数据包。该项目不仅在开始时采样，而且在连接处于活动状态时的不同时间采样。如果在连接过程中启动了恶意程序，则可以检测到。当发现可疑流量时该怎么做还不太清楚;该项目将审查技术和程序方法，例如减慢流量，以便对其进行彻底分析，然后如果确实是恶意的，则向首席信息安全官提供信息？的（CISO）办公室，使他们能够采取行动。如果流不是恶意的（即，假阳性，通过更详细的分析确认），则速率降低将停止。一个关键问题是如何减少采样分析所需的时间。该项目的一部分是研究如何通过使用GPU来加速入侵检测系统，以便更快地进行分析。

项目成果

Trust-Based Security; Or, Trust Considered Harmful

基于信任的安全；

• DOI: 10.1145/3442167.3442179
• 发表时间: 2020
• 期刊: Proceedings of the 2020 New Security Paradigms Workshop
• 作者: Singer, Abe;Bishop, Matt
• 通讯作者: Bishop, Matt

Insider Attack Detection for Science DMZs Using System Performance Data

使用系统性能数据对科学 DMZ 进行内部攻击检测

• DOI: 10.1109/cns48642.2020.9162260
• 发表时间: 2020
• 期刊: 2020 IEEE Conference on Communications and Network Security (CNS
• 作者: Gegan, Ross;Perry, Brian;Ghosal, Dipak;Bishop, Matt
• 通讯作者: Bishop, Matt

Anomaly Detection for Science DMZs Using System Performance Data

使用系统性能数据进行科学 DMZ 异常检测

• DOI: 10.1109/icnc47757.2020.9049695
• 发表时间: 2020
• 期刊: Networking and Communications
• 作者: Gegan, Ross;Mao, Christina;Ghosal, Dipak;Bishop, Matt;Peisert, Sean
• 通讯作者: Peisert, Sean

A Design for a Collaborative Make-the-Flag Exercise

协作制旗练习的设计

• DOI: 10.1007/978-3-319-99734-6_1
• 发表时间: 2018
• 期刊: Proceedings of the 11th IFIP WG 11.8 World Conference on Information Security Education
• 作者: Bishop, Matt